1 heat_template_version: 2015-04-30
4 OpenStack controller node configured by Puppet.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret and db password.
17 CeilometerApiVirtualIP:
22 description: The ceilometer backend type.
24 CeilometerMeteringSecret:
26 description: Secret shared by the ceilometer services.
31 description: The password for the ceilometer service and db account.
37 CinderEnableNfsBackend:
39 description: Whether to enable or not the NFS backend for Cinder
41 CinderEnableIscsiBackend:
43 description: Whether to enable or not the Iscsi backend for Cinder
45 CinderEnableRbdBackend:
47 description: Whether to enable or not the Rbd backend for Cinder
51 description: The iSCSI helper to use with cinder.
53 CinderLVMLoopDeviceSize:
55 description: The size of the loopback file used by the cinder LVM driver.
57 CinderNfsMountOptions:
60 Mount options for NFS mounts used by Cinder NFS backend. Effective
61 when CinderEnableNfsBackend is true.
66 NFS servers used by Cinder NFS backend. Effective when
67 CinderEnableNfsBackend is true.
68 type: comma_delimited_list
71 description: The password for the cinder service and db account, used by cinder-api.
76 description: Contains parameters to configure Cinder backends. Typically
77 set via parameter_defaults in the resource registry.
81 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
83 ControllerExtraConfig:
86 Controller specific hiera configuration data to inject into the cluster.
88 ControlVirtualInterface:
90 description: Interface where virtual ip will be assigned.
94 description: Set to True to enable debugging on all services.
98 description: Whether to enable fencing in Pacemaker or not.
102 description: Whether to use Galera instead of regular MariaDB.
106 description: Whether to deploy Ceph Storage (OSD) on the Controller
110 description: Whether to enable Swift Storage on the Controller
115 Additional hieradata to inject into the cluster, note that
116 ControllerExtraConfig takes precedence over ExtraConfig.
121 Pacemaker fencing configuration. The JSON should have
122 the following structure:
126 "agent": "AGENT_NAME",
127 "host_mac": "HOST_MAC_ADDRESS",
128 "params": {"PARAM_NAME": "PARAM_VALUE"}
136 "agent": "fence_xvm",
137 "host_mac": "52:54:00:aa:bb:cc",
139 "multicast_address": "225.0.0.12",
140 "port": "baremetal_0",
142 "manage_key_file": true,
143 "key_file": "/etc/fence_xvm.key",
144 "key_file_password": "abcdef"
151 description: Flavor for control nodes to request when deploying.
154 - custom_constraint: nova.flavor
155 GlanceNotifierStrategy:
156 description: Strategy to use for Glance notification queue
160 description: The filepath of the file to use for logging messages from Glance.
165 description: The password for the glance service and db account, used by the glance services.
170 description: Glance port.
174 description: Protocol to use when connecting to glance, set to https for SSL.
178 description: The short name of the Glance backend to use. Should be one
179 of swift, rbd, or file
182 - allowed_values: ['swift', 'file', 'rbd']
183 GlanceFilePcmkDevice:
186 An exported storage device that should be mounted by Pacemaker
187 as Glance storage. Effective when GlanceFilePcmkManage is true.
189 GlanceFilePcmkFstype:
192 Filesystem type for Pacemaker mount used as Glance storage.
193 Effective when GlanceFilePcmkManage is true.
195 GlanceFilePcmkManage:
198 Whether to make Glance file backend a mount managed by Pacemaker.
199 Effective when GlanceBackend is 'file'.
201 GlanceFilePcmkOptions:
204 Mount options for Pacemaker mount used as Glance storage.
205 Effective when GlanceFilePcmkManage is true.
207 HAProxySyslogAddress:
209 description: Syslog address where HAproxy will send its log
213 description: The password for the Heat service and db account, used by the Heat services.
216 HeatStackDomainAdminPassword:
217 description: Password for heat_domain_admin user.
221 HeatAuthEncryptionKey:
222 description: Auth encryption key for heat-engine
227 description: A list of IP/Hostname allowed to connect to horizon
228 type: comma_delimited_list
230 description: Secret key for Django
235 default: overcloud-control
237 - custom_constraint: glance.image
239 default: 'REBUILD_PRESERVE_EPHEMERAL'
240 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
244 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
247 - custom_constraint: nova.keypair
248 KeystoneCACertificate:
250 description: Keystone self-signed certificate authority certificate.
252 KeystoneSigningCertificate:
254 description: Keystone certificate for verifying token validity.
258 description: Keystone key for signing tokens.
261 KeystoneSSLCertificate:
263 description: Keystone certificate for verifying token validity.
265 KeystoneSSLCertificateKey:
267 description: Keystone key for signing tokens.
270 KeystoneNotificationDriver:
271 description: Comma-separated list of Oslo notification drivers used by Keystone
272 default: ['messaging']
273 type: comma_delimited_list
274 KeystoneNotificationFormat:
275 description: The Keystone notification format
279 - allowed_values: [ 'basic', 'cadf' ]
280 MysqlClusterUniquePart:
281 description: A unique identifier of the MySQL cluster the controller is in.
283 default: 'unset' # Has to be here because of the ignored empty value bug
284 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
286 # - length: {min: 4, max: 10}
287 MysqlInnodbBufferPoolSize:
289 Specifies the size of the buffer pool in megabytes. Setting to
290 zero should be interpreted as "no value" and will defer to the
295 description: Configures MySQL max_connections config setting
301 default: '' # Has to be here because of the ignored empty value bug
302 NeutronExternalNetworkBridge:
303 description: Name of bridge used for external network traffic.
306 NeutronBridgeMappings:
308 The OVS logical->physical bridge mappings to use. See the Neutron
309 documentation for details. Defaults to mapping br-ex - the external
310 bridge on hosts - to a physical name 'datacentre' which can be used
311 to create provider networks (and we use this for the default floating
312 network) - if changing this either use different post-install network
313 scripts or be sure to keep 'datacentre' as a mapping network name.
315 default: "datacentre:br-ex"
316 NeutronDnsmasqOptions:
317 default: 'dhcp-option-force=26,1400'
318 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
322 description: Agent mode for the neutron-l3-agent on the controller hosts
326 description: Whether to enable l3-agent HA
328 NeutronDhcpAgentsPerNetwork:
331 description: The number of neutron dhcp agents to schedule per network
334 description: Whether to configure Neutron Distributed Virtual Routers
336 NeutronMetadataProxySharedSecret:
338 description: Shared secret to prevent spoofing
344 The core plugin for Neutron. The value should be the entrypoint to be loaded
345 from neutron.core_plugins namespace.
347 NeutronServicePlugins:
350 Comma-separated list of service plugin entrypoints to be loaded from the
351 neutron.service_plugins namespace.
352 type: comma_delimited_list
354 default: "vxlan,vlan,flat,gre"
356 Comma-separated list of network type driver entrypoints to be loaded.
357 type: comma_delimited_list
358 NeutronMechanismDrivers:
359 default: 'openvswitch'
361 The mechanism drivers for the Neutron tenant network. To specify multiple
362 values, use a comma separated string, like so: 'openvswitch,l2_population'
364 NeutronAllowL3AgentFailover:
366 description: Allow automatic l3-agent failover
368 NeutronEnableTunnelling:
373 default: 'datacentre'
374 description: If set, flat networks to configure in neutron plugins.
377 description: Whether to enable l3-agent HA
381 description: The tenant network type for Neutron, either gre or vxlan.
383 NeutronNetworkVLANRanges:
384 default: 'datacentre'
386 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
387 Neutron documentation for permitted values. Defaults to permitting any
388 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
389 type: comma_delimited_list
392 description: The password for the neutron service and db account, used by neutron agents.
395 NeutronPublicInterface:
397 description: What interface to bridge onto br-ex for network nodes.
399 NeutronPublicInterfaceTag:
402 VLAN tag for creating a public VLAN. The tag will be used to
403 create an access port on the exterior bridge for each control plane node,
404 and that port will be given the IP address returned by neutron from the
405 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
406 overcloud.yaml to include the deployment of VLAN ports to the control
409 NeutronPublicInterfaceDefaultRoute:
411 description: A custom default route for the NeutronPublicInterface.
413 NeutronPublicInterfaceIP:
415 description: A custom IP address to put onto the NeutronPublicInterface.
417 NeutronPublicInterfaceRawDevice:
419 description: If set, the public interface is a vlan with this device as the raw device.
424 The tunnel types for the Neutron tenant network. To specify multiple
425 values, use a comma separated string, like so: 'gre,vxlan'
427 NeutronTunnelIdRanges:
429 Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
430 of GRE tunnel IDs that are available for tenant network allocation
431 default: ["1:1000", ]
432 type: comma_delimited_list
435 Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
436 of VXLAN VNI IDs that are available for tenant network allocation
437 default: ["1:1000", ]
438 type: comma_delimited_list
444 description: The password for the nova service and db account, used by nova-api.
449 description: Should MongoDb journaling be disabled
456 description: The password for the 'pcsd' user.
458 PublicVirtualInterface:
461 Specifies the interface where the public-facing virtual ip will be assigned.
462 This should be int_public when a VLAN is being used.
464 PublicVirtualIP: # DEPRECATED: use per service settings instead
466 default: '' # Has to be here because of the ignored empty value bug
469 default: '' # Has to be here because of the ignored empty value bug
473 description: The password for RabbitMQ
478 description: The username for RabbitMQ
483 Rabbit client subscriber parameter to specify
484 an SSL connection to the RabbitMQ host.
488 description: Set rabbit subscriber port, change this if using SSL
492 description: Configures RabbitMQ FD limit
496 default: '' # Has to be here because of the ignored empty value bug
497 SnmpdReadonlyUserName:
498 default: ro_snmp_user
499 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
501 SnmpdReadonlyUserPassword:
503 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
508 description: If set, the contents of an SSL certificate authority file.
512 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
517 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
522 description: A random string to be used as a salt when hashing to determine mappings
528 description: Value of mount_check in Swift account/container/object -server.conf
533 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
536 description: Partition Power to use when building Swift rings
540 description: The password for the swift service account, used by the swift proxy
550 description: How many replicas to use in the swift rings.
551 VirtualIP: # DEPRECATED: use per service settings instead
553 default: '' # Has to be here because of the ignored empty value bug
560 GlanceRegistryVirtualIP:
566 KeystoneAdminApiVirtualIP:
569 KeystonePublicApiVirtualIP:
575 EnablePackageInstall:
577 description: Set to true to enable package installation via Puppet
581 description: Mapping of service_name -> network name. Typically set
582 via parameter_defaults in the resource registry.
588 Setting to a previously unused value during stack-update will trigger
589 package update on all nodes
592 default: '' # Defaults to Heat created hostname
597 type: OS::Nova::Server
599 image: {get_param: Image}
600 image_update_policy: {get_param: ImageUpdatePolicy}
601 flavor: {get_param: Flavor}
602 key_name: {get_param: KeyName}
605 user_data_format: SOFTWARE_CONFIG
606 user_data: {get_resource: UserData}
607 name: {get_param: Hostname}
609 # Combine the NodeAdminUserData and NodeUserData mime archives
611 type: OS::Heat::MultipartMime
614 - config: {get_resource: NodeAdminUserData}
616 - config: {get_resource: NodeUserData}
619 # Creates the "heat-admin" user if configured via the environment
620 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
622 type: OS::TripleO::NodeAdminUserData
624 # For optional operator additional userdata
625 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
627 type: OS::TripleO::NodeUserData
630 type: OS::TripleO::Controller::Ports::ExternalPort
632 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
635 type: OS::TripleO::Controller::Ports::InternalApiPort
637 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
640 type: OS::TripleO::Controller::Ports::StoragePort
642 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
645 type: OS::TripleO::Controller::Ports::StorageMgmtPort
647 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
650 type: OS::TripleO::Controller::Ports::TenantPort
652 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
655 type: OS::TripleO::Network::Ports::NetIpMap
657 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
658 ExternalIp: {get_attr: [ExternalPort, ip_address]}
659 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
660 StorageIp: {get_attr: [StoragePort, ip_address]}
661 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
662 TenantIp: {get_attr: [TenantPort, ip_address]}
665 type: OS::TripleO::Network::Ports::NetIpSubnetMap
667 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
668 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
669 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
670 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
671 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
672 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
675 type: OS::TripleO::Controller::Net::SoftwareConfig
677 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
678 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
679 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
680 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
681 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
682 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
685 type: OS::TripleO::SoftwareDeployment
687 config: {get_resource: NetworkConfig}
688 server: {get_resource: Controller}
691 interface_name: {get_param: NeutronPublicInterface}
693 ControllerDeployment:
694 type: OS::TripleO::SoftwareDeployment
695 depends_on: NetworkDeployment
697 config: {get_resource: ControllerConfig}
698 server: {get_resource: Controller}
700 bootstack_nodeid: {get_attr: [Controller, name]}
701 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
702 haproxy_log_address: {get_param: HAProxySyslogAddress}
703 heat.watch_server_url:
707 - {get_param: HeatApiVirtualIP}
709 heat.metadata_server_url:
713 - {get_param: HeatApiVirtualIP}
715 heat.waitcondition_server_url:
719 - {get_param: HeatApiVirtualIP}
720 - ':8000/v1/waitcondition'
721 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
722 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
723 horizon_secret: {get_param: HorizonSecret}
724 admin_password: {get_param: AdminPassword}
725 admin_token: {get_param: AdminToken}
726 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
727 debug: {get_param: Debug}
728 cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
729 cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
730 cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
733 template: "['SERVERS']"
738 - {get_param: CinderNfsServers}
739 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
740 cinder_password: {get_param: CinderPassword}
741 cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
742 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
743 cinder_backend_config: {get_param: CinderBackendConfig}
747 - - 'mysql://cinder:'
748 - {get_param: CinderPassword}
750 - {get_param: MysqlVirtualIP}
752 glance_port: {get_param: GlancePort}
753 glance_password: {get_param: GlancePassword}
754 glance_backend: {get_param: GlanceBackend}
755 glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
756 glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
757 glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
758 glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
759 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
760 glance_log_file: {get_param: GlanceLogFile}
764 - - 'mysql://glance:'
765 - {get_param: GlancePassword}
767 - {get_param: MysqlVirtualIP}
769 heat_password: {get_param: HeatPassword}
770 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
775 - {get_param: HeatPassword}
777 - {get_param: MysqlVirtualIP}
779 keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
780 keystone_ca_certificate: {get_param: KeystoneCACertificate}
781 keystone_signing_key: {get_param: KeystoneSigningKey}
782 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
783 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
784 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
785 keystone_notification_driver: {get_param: KeystoneNotificationDriver}
786 keystone_notification_format: {get_param: KeystoneNotificationFormat}
790 - - 'mysql://keystone:'
791 - {get_param: AdminToken}
793 - {get_param: MysqlVirtualIP}
795 keystone_identity_uri:
799 - {get_param: KeystoneAdminApiVirtualIP}
805 - {get_param: KeystonePublicApiVirtualIP}
811 - {get_param: KeystonePublicApiVirtualIP}
812 - ':5000/v2.0/ec2tokens'
813 enable_fencing: {get_param: EnableFencing}
814 enable_galera: {get_param: EnableGalera}
815 enable_ceph_storage: {get_param: EnableCephStorage}
816 enable_swift_storage: {get_param: EnableSwiftStorage}
817 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
818 mysql_max_connections: {get_param: MysqlMaxConnections}
819 mysql_root_password: {get_param: MysqlRootPassword}
822 template: tripleo-CLUSTER
824 CLUSTER: {get_param: MysqlClusterUniquePart}
825 neutron_flat_networks: {get_param: NeutronFlatNetworks}
826 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
827 neutron_agent_mode: {get_param: NeutronAgentMode}
828 neutron_router_distributed: {get_param: NeutronDVR}
829 neutron_core_plugin: {get_param: NeutronCorePlugin}
830 neutron_service_plugins:
832 template: "['PLUGINS']"
837 - {get_param: NeutronServicePlugins}
838 neutron_type_drivers:
840 template: "['DRIVERS']"
845 - {get_param: NeutronTypeDrivers}
846 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
847 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
848 neutron_l3_ha: {get_param: NeutronL3HA}
849 neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
850 neutron_network_vlan_ranges:
852 template: "['RANGES']"
857 - {get_param: NeutronNetworkVLANRanges}
858 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
859 neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
860 neutron_public_interface: {get_param: NeutronPublicInterface}
861 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
862 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
863 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
864 neutron_tenant_network_type: {get_param: NeutronNetworkType}
865 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
866 neutron_tunnel_id_ranges:
868 template: "['RANGES']"
873 - {get_param: NeutronTunnelIdRanges}
876 template: "['RANGES']"
881 - {get_param: NeutronVniRanges}
882 neutron_password: {get_param: NeutronPassword}
883 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
887 - - 'mysql://neutron:'
888 - {get_param: NeutronPassword}
890 - {get_param: MysqlVirtualIP}
891 - '/ovs_neutron?charset=utf8'
896 - {get_param: NeutronApiVirtualIP}
898 neutron_admin_auth_url:
902 - {get_param: KeystoneAdminApiVirtualIP}
904 ceilometer_backend: {get_param: CeilometerBackend}
905 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
906 ceilometer_password: {get_param: CeilometerPassword}
907 ceilometer_coordination_url:
911 - {get_param: RedisVirtualIP}
916 - - 'mysql://ceilometer:'
917 - {get_param: CeilometerPassword}
919 - {get_param: MysqlVirtualIP}
921 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
922 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
923 nova_password: {get_param: NovaPassword}
928 - {get_param: NovaPassword}
930 - {get_param: MysqlVirtualIP}
932 fencing_config: {get_param: FencingConfig}
933 pcsd_password: {get_param: PcsdPassword}
934 rabbit_username: {get_param: RabbitUserName}
935 rabbit_password: {get_param: RabbitPassword}
936 rabbit_cookie: {get_param: RabbitCookie}
937 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
938 rabbit_client_port: {get_param: RabbitClientPort}
939 mongodb_no_journal: {get_param: MongoDbNoJournal}
940 # We need to force this into quotes or hiera will return integer causing
941 # the puppet module validation regexp to fail.
942 # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401
947 LIMIT: {get_param: RabbitFDLimit}
950 template: '["server"]'
952 server: {get_param: NtpServer}
953 control_virtual_interface: {get_param: ControlVirtualInterface}
954 public_virtual_interface: {get_param: PublicVirtualInterface}
955 swift_hash_suffix: {get_param: SwiftHashSuffix}
956 swift_password: {get_param: SwiftPassword}
957 swift_part_power: {get_param: SwiftPartPower}
958 swift_replicas: {get_param: SwiftReplicas}
959 swift_min_part_hours: {get_param: SwiftMinPartHours}
960 swift_mount_check: {get_param: SwiftMountCheck}
961 enable_package_install: {get_param: EnablePackageInstall}
962 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
963 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
964 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
965 cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
966 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
967 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
968 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
972 - - {get_param: GlanceProtocol}
974 - {get_param: GlanceApiVirtualIP}
976 - {get_param: GlancePort}
977 glance_registry_host: {get_param: GlanceRegistryVirtualIP}
978 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
979 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
980 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
981 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
982 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
983 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
984 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
985 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
986 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
987 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
988 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
989 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
990 redis_vip: {get_param: RedisVirtualIP}
991 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
992 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
993 mysql_virtual_ip: {get_param: MysqlVirtualIP}
994 ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
995 ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
996 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
998 # Map heat metadata into hiera datafiles
1000 type: OS::Heat::StructuredConfig
1002 group: os-apply-config
1007 - heat_config_%{::deploy_config_name}
1008 - controller_extraconfig
1013 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
1014 - ceph_cluster # provided by CephClusterConfig
1016 - bootstrap_node # provided by BootstrapNodeConfig
1017 - all_nodes # provided by allNodesConfig
1018 - vip_data # provided by vip-config
1021 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
1022 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
1023 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
1024 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
1026 controller_extraconfig:
1027 mapped_data: {get_param: ControllerExtraConfig}
1029 mapped_data: {get_param: ExtraConfig}
1031 raw_data: {get_file: hieradata/common.yaml}
1033 raw_data: {get_file: hieradata/ceph.yaml}
1035 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
1036 ceph::profile::params::public_network: {get_input: ceph_public_network}
1037 ceph::mon::public_addr: {get_input: ceph_public_ip}
1039 raw_data: {get_file: hieradata/database.yaml}
1041 raw_data: {get_file: hieradata/object.yaml}
1043 raw_data: {get_file: hieradata/controller.yaml}
1044 mapped_data: # data supplied directly to this deployment configuration, etc
1045 bootstack_nodeid: {get_input: bootstack_nodeid}
1048 enable_fencing: {get_input: enable_fencing}
1049 hacluster_pwd: {get_input: pcsd_password}
1050 tripleo::fencing::config: {get_input: fencing_config}
1053 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
1054 swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
1055 swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
1056 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
1057 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
1058 swift::proxy::authtoken::admin_password: {get_input: swift_password}
1059 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
1060 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
1061 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
1062 swift_mount_check: {get_input: swift_mount_check}
1064 # NOTE(dprince): build_ring support is currently not wired in.
1065 # See: https://review.openstack.org/#/c/109225/
1066 tripleo::ringbuilder::build_ring: True
1069 cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
1070 cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
1071 cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options}
1072 cinder_nfs_servers: {get_input: cinder_nfs_servers}
1073 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
1074 cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
1075 cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
1076 cinder::database_connection: {get_input: cinder_dsn}
1077 cinder::api::keystone_password: {get_input: cinder_password}
1078 cinder::api::auth_uri: {get_input: keystone_auth_uri}
1079 cinder::api::identity_uri: {get_input: keystone_identity_uri}
1080 cinder::api::bind_host: {get_input: cinder_api_network}
1081 cinder::rabbit_userid: {get_input: rabbit_username}
1082 cinder::rabbit_password: {get_input: rabbit_password}
1083 cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1084 cinder::rabbit_port: {get_input: rabbit_client_port}
1085 cinder::debug: {get_input: debug}
1086 cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
1087 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
1088 cinder_backend_config: {get_input: CinderBackendConfig}
1089 cinder::db::mysql::password: {get_input: cinder_password}
1092 glance::api::bind_port: {get_input: glance_port}
1093 glance::api::bind_host: {get_input: glance_api_network}
1094 glance::api::auth_uri: {get_input: keystone_auth_uri}
1095 glance::api::identity_uri: {get_input: keystone_identity_uri}
1096 glance::api::registry_host: {get_input: glance_registry_host}
1097 glance::api::keystone_password: {get_input: glance_password}
1098 glance::api::debug: {get_input: debug}
1099 glance_notifier_strategy: {get_input: glance_notifier_strategy}
1100 glance_log_file: {get_input: glance_log_file}
1101 glance_log_file: {get_input: glance_log_file}
1102 glance::api::database_connection: {get_input: glance_dsn}
1103 glance::registry::keystone_password: {get_input: glance_password}
1104 glance::registry::database_connection: {get_input: glance_dsn}
1105 glance::registry::bind_host: {get_input: glance_registry_network}
1106 glance::registry::auth_uri: {get_input: keystone_auth_uri}
1107 glance::registry::identity_uri: {get_input: keystone_identity_uri}
1108 glance::registry::debug: {get_input: debug}
1109 glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
1110 glance::backend::swift::swift_store_user: service:glance
1111 glance::backend::swift::swift_store_key: {get_input: glance_password}
1112 glance_backend: {get_input: glance_backend}
1113 glance::db::mysql::password: {get_input: glance_password}
1114 glance_file_pcmk_device: {get_input: glance_file_pcmk_device}
1115 glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
1116 glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
1117 glance_file_pcmk_options: {get_input: glance_file_pcmk_options}
1120 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
1121 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
1122 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
1123 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
1124 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
1125 heat::rabbit_userid: {get_input: rabbit_username}
1126 heat::rabbit_password: {get_input: rabbit_password}
1127 heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1128 heat::rabbit_port: {get_input: rabbit_client_port}
1129 heat::auth_uri: {get_input: keystone_auth_uri}
1130 heat::keystone_ec2_uri: {get_input: keystone_ec2_uri}
1131 heat::identity_uri: {get_input: keystone_identity_uri}
1132 heat::keystone_password: {get_input: heat_password}
1133 heat::api::bind_host: {get_input: heat_api_network}
1134 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
1135 heat::api_cfn::bind_host: {get_input: heat_api_network}
1136 heat::database_connection: {get_input: heat_dsn}
1137 heat::debug: {get_input: debug}
1138 heat::db::mysql::password: {get_input: heat_password}
1141 keystone::admin_token: {get_input: admin_token}
1142 keystone_ca_certificate: {get_input: keystone_ca_certificate}
1143 keystone_signing_key: {get_input: keystone_signing_key}
1144 keystone_signing_certificate: {get_input: keystone_signing_certificate}
1145 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
1146 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
1147 keystone::database_connection: {get_input: keystone_dsn}
1148 keystone::public_bind_host: {get_input: keystone_public_api_network}
1149 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
1150 keystone::debug: {get_input: debug}
1151 keystone::db::mysql::password: {get_input: admin_token}
1152 keystone::rabbit_userid: {get_input: rabbit_username}
1153 keystone::rabbit_password: {get_input: rabbit_password}
1154 keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1155 keystone::rabbit_port: {get_input: rabbit_client_port}
1156 keystone::notification_driver: {get_input: keystone_notification_driver}
1157 keystone::notification_format: {get_input: keystone_notification_format}
1159 mongodb::server::bind_ip: {get_input: mongo_db_network}
1160 mongodb::server::nojournal: {get_input: mongodb_no_journal}
1162 admin_password: {get_input: admin_password}
1163 enable_galera: {get_input: enable_galera}
1164 enable_ceph_storage: {get_input: enable_ceph_storage}
1165 enable_swift_storage: {get_input: enable_swift_storage}
1166 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
1167 mysql_max_connections: {get_input: mysql_max_connections}
1168 mysql::server::root_password: {get_input: mysql_root_password}
1169 mysql_cluster_name: {get_input: mysql_cluster_name}
1170 mysql_bind_host: {get_input: mysql_network}
1171 mysql_virtual_ip: {get_input: mysql_virtual_ip}
1174 neutron::bind_host: {get_input: neutron_api_network}
1175 neutron::rabbit_password: {get_input: rabbit_password}
1176 neutron::rabbit_user: {get_input: rabbit_user}
1177 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1178 neutron::rabbit_port: {get_input: rabbit_client_port}
1179 neutron::debug: {get_input: debug}
1180 neutron::server::auth_uri: {get_input: keystone_auth_uri}
1181 neutron::server::identity_uri: {get_input: keystone_identity_uri}
1182 neutron::server::database_connection: {get_input: neutron_dsn}
1183 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
1184 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
1185 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
1186 neutron_flat_networks: {get_input: neutron_flat_networks}
1187 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1188 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
1189 neutron_agent_mode: {get_input: neutron_agent_mode}
1190 neutron_router_distributed: {get_input: neutron_router_distributed}
1191 neutron::core_plugin: {get_input: neutron_core_plugin}
1192 neutron::service_plugins: {get_input: neutron_service_plugins}
1193 neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers}
1194 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
1195 neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
1196 neutron::server::l3_ha: {get_input: neutron_l3_ha}
1197 neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
1198 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
1199 neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
1200 neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
1201 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
1202 neutron_public_interface: {get_input: neutron_public_interface}
1203 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1204 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1205 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1206 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
1207 neutron_tunnel_types: {get_input: neutron_tunnel_types}
1208 neutron::server::auth_password: {get_input: neutron_password}
1209 neutron::agents::metadata::auth_password: {get_input: neutron_password}
1210 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
1211 neutron_dsn: {get_input: neutron_dsn}
1212 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
1213 neutron::db::mysql::password: {get_input: neutron_password}
1216 ceilometer_backend: {get_input: ceilometer_backend}
1217 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1218 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
1219 ceilometer::rabbit_userid: {get_input: rabbit_username}
1220 ceilometer::rabbit_password: {get_input: rabbit_password}
1221 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1222 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1223 ceilometer::debug: {get_input: debug}
1224 ceilometer::api::host: {get_input: ceilometer_api_network}
1225 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1226 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1227 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1228 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1229 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
1230 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1231 ceilometer::db::mysql::password: {get_input: ceilometer_password}
1232 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1233 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1236 nova::rabbit_userid: {get_input: rabbit_username}
1237 nova::rabbit_password: {get_input: rabbit_password}
1238 nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1239 nova::rabbit_port: {get_input: rabbit_client_port}
1240 nova::debug: {get_input: debug}
1241 nova::api::auth_uri: {get_input: keystone_auth_uri}
1242 nova::api::identity_uri: {get_input: keystone_identity_uri}
1243 nova::api::api_bind_address: {get_input: nova_api_network}
1244 nova::api::metadata_listen: {get_input: nova_metadata_network}
1245 nova::api::admin_password: {get_input: nova_password}
1246 nova::database_connection: {get_input: nova_dsn}
1247 nova::glance_api_servers: {get_input: glance_api_servers}
1248 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1249 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
1250 nova::network::neutron::neutron_url: {get_input: neutron_url}
1251 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
1252 nova::vncproxy::host: {get_input: nova_api_network}
1253 nova::db::mysql::password: {get_input: nova_password}
1256 apache::ip: {get_input: horizon_network}
1257 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
1258 horizon::django_debug: {get_input: debug}
1259 horizon::secret_key: {get_input: horizon_secret}
1260 horizon::bind_address: {get_input: horizon_network}
1261 horizon::keystone_url: {get_input: keystone_auth_uri}
1264 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1265 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1266 rabbitmq::file_limit: {get_input: rabbit_fd_limit}
1268 redis::bind: {get_input: redis_network}
1269 redis_vip: {get_input: redis_vip}
1271 memcached::listen_ip: {get_input: memcached_network}
1272 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1273 ntp::servers: {get_input: ntp_servers}
1274 control_virtual_interface: {get_input: control_virtual_interface}
1275 public_virtual_interface: {get_input: public_virtual_interface}
1276 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
1277 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
1278 tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address}
1279 tripleo::packages::enable_install: {get_input: enable_package_install}
1280 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1282 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1283 ControllerExtraConfigPre:
1284 depends_on: ControllerDeployment
1285 type: OS::TripleO::ControllerExtraConfigPre
1287 server: {get_resource: Controller}
1289 # Hook for site-specific additional pre-deployment config,
1290 # applying to all nodes, e.g node registration/unregistration
1292 depends_on: ControllerExtraConfigPre
1293 type: OS::TripleO::NodeExtraConfig
1295 server: {get_resource: Controller}
1298 type: OS::TripleO::Tasks::PackageUpdate
1301 type: OS::Heat::SoftwareDeployment
1303 config: {get_resource: UpdateConfig}
1304 server: {get_resource: Controller}
1307 get_param: UpdateIdentifier
1311 description: IP address of the server in the ctlplane network
1312 value: {get_attr: [Controller, networks, ctlplane, 0]}
1313 external_ip_address:
1314 description: IP address of the server in the external network
1315 value: {get_attr: [ExternalPort, ip_address]}
1316 internal_api_ip_address:
1317 description: IP address of the server in the internal_api network
1318 value: {get_attr: [InternalApiPort, ip_address]}
1320 description: IP address of the server in the storage network
1321 value: {get_attr: [StoragePort, ip_address]}
1322 storage_mgmt_ip_address:
1323 description: IP address of the server in the storage_mgmt network
1324 value: {get_attr: [StorageMgmtPort, ip_address]}
1326 description: IP address of the server in the tenant network
1327 value: {get_attr: [TenantPort, ip_address]}
1329 description: Hostname of the server
1330 value: {get_attr: [Controller, name]}
1333 Node object in the format {ip: ..., name: ...} format that the corosync
1336 ip: {get_attr: [Controller, networks, ctlplane, 0]}
1337 name: {get_attr: [Controller, name]}
1340 Server's IP address and hostname in the /etc/hosts format
1343 template: IP HOST.localdomain HOST CLOUDNAME
1345 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1346 HOST: {get_attr: [Controller, name]}
1347 CLOUDNAME: {get_param: CloudName}
1348 nova_server_resource:
1349 description: Heat resource handle for the Nova compute server
1351 {get_resource: Controller}
1353 description: Swift device formatted for swift-ring-builder
1356 template: 'r1z1-IP:%PORT%/d1'
1358 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1359 swift_proxy_memcache:
1360 description: Swift proxy-memcache value
1363 template: "IP:11211"
1365 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1367 description: identifier which changes if the controller configuration may need re-applying
1371 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1372 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1373 - {get_param: UpdateIdentifier}